On the Cost of Suppressing Volume for Encrypted Multi-maps

Abstract

Structured encryption (STE) schemes allow a client to store sensitive data on a semi-trusted remote server and query the data. STE schemes strike a balance between privacy and efficiency by leaking some information to the server. In particular, many STE schemes leak the volume pattern i.e., response lengths, and the query equality pattern i.e., if any queries are repeated. Recently discovered leakage-abuse attacks demonstrate that leaking the volume pattern can be unsafe; that is, the server can reconstruct parts of the database from this leakage. To address this leakage, Kamara and Moataz proposed a novel multi-map encryption scheme, AVLH, that hides query volumes by padding responses with parts of other responses (Eurocrypt 2019). AVLH was shown to be more storage-efficient than the naive approach to pad responses with dummy values to reach the maximum response length. Subsequently, Patel et al. provided an even more efficient volume-hiding multimap scheme, dprfMM (CCS 2019). Despite these advances, the costs of fully suppressing query volumes are still unclear. In this paper, we provide the first lower bounds on STE schemes for multi-maps that leak at most the query equality pattern. Surprisingly, we find that in many cases, such STE schemes cannot be more storage-efficient than naively padding to the maximum length.